Cream Finance Loses $19M In A Flash Loan Hack!

Spotlight

  • Cream Finance recently faced a critical vulnerability when a hacker stole nearly $19 million from its platform.
  • While announcing this news on Monday, Cream Finance stated that the protocol halted the exploit. It paused the supply and lending contracts on the Amp token.
  • After the attack, both Amp token and Cream Finance’s own token, CREAM, dropped significantly in value. Amp dropped nearly 13% in the last 24 hours.

A Significant Loss!

Cream Finance is a decentralized finance (DeFi) protocol that allows its users to loan as well as speculate on crypto price variations. The protocol recently faced a critical vulnerability when a hacker stole nearly $19 million from its platform.

According to a report by blockchain security company PeckShield, an unidentified hacker managed to win $18.8 million by taking advantage of the latest Flash loan of the Cream Finance protocol via a retry bug represented by the Amp token. While announcing this news on Monday, Cream Finance stated that the protocol halted the exploit. It paused the supply and lending contracts on the Amp token.

It said, “No other markets were affected.” PeckShield points out that the hacker made the most out of the Amp tokens by reborrowing all the assets during the transfer before renewing the first loan in a total of 17 separate transactions.

While providing the example of the transaction, PeckShield said:

“The hacker makes a flash loan of 500 ETH and deposits the funds as collateral. Then the hacker borrows 19M $AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside $AMP token transfer. Then the hacker self-liquidates the borrow.”

Further, PeckShield added, “The funds are still parked in 0xCE1F….6EDE. We are actively monitoring this address for any movement” while providing the hacker’s address.

CREAM And Amp’s Value Dropped

Amp, the Ethereum based token is specially designed to protect payments on the Flexa digital payment network. The Amp token contract of the protocol implements the ERC-77-based registry smart contract called ERC-1820. ERC-1820 was introduced in the year 2019. Its standard defines a global registry smart contract in which any address “can register which interface it supports and which smart contract is responsible for its implementation.”

After the attack, both Amp token and Cream Finance’s own token, CREAM, dropped significantly in value. Amp dropped nearly 13% in the last 24 hours. According to the data from CoinGecko, the CREAM token is trading at $167, down 5% in the last 24 hours while the Amp token is trading at $0.051908.

Also in February, Hackers hacked DeFi product Alpha Homora for $37 million that exploited Cream’s Iron Bank protocol-to-protocol lending platform. The recent flash loan exploit comes in the middle of a growing number of hacks between centralized and decentralized cryptocurrency platforms.

Moreover, just this Saturday, the Bilaxy cryptocurrency exchange underwent a massive wallet hack. As a result, hackers stole 295 ERC20 tokens. It lost almost $100 million in the August 19 hack.

You can subscribe to our newsletter to get the latest updates daily.